As Remy Baumgarten continues his presentation of Mach-O Viz, a tool for Mac OS X and iOS malware analysis, he walks through its full feature set, which is broken into a variety of options for generating and viewing visualized data about a file of interest. The expert also gives a demo of how the application handles samples of some known Mac malware.
Remy Baumgarten from ANRC Services took the floor at the Defcon 21 conference to tell the audience about a new tool called Mach-O Viz, designed for Mac malware analysis. In particular, the expert focuses on the specific capabilities built into the software, the structure of its GUI, and the visualization benefits it provides.
Providing yet deeper insight into methods for avoiding forensics while using Mac OS X, the Grugq enumerates several more attack vectors, including those associated with zero-width Unicode, application file formats, browser cookies and SQLite. In conclusion, the researcher highlights some essential anti-forensics recommendations overall and answers a few questions from the HITBSecConf attendees on the topic.
Continuing the review of Mac OS X in the context of anti-forensics methodology, the Grugq delves here into file system attacks, focusing in particular on exploitable aspects of HFS+. The researcher analyzes this file system's components, explains the essence of B*tree nodes and data forks, and singles out the ways they can be used when conducting HFS+ attacks.
The Grugq, a well-known anti-forensics researcher with a substantial computer security background, outlines the key issues related to counter-forensics on the OS X platform while speaking at the HITBSecConf event. During this presentation, entitled "How the Leopard Hides His Spots", the Grugq in particular describes the techniques that help evade application-level file format attacks, HFS-specific attacks, SQLite-based attacks, etc., drawing on his previous experience.